Skip to content

Commit

Permalink
Update Linkerd Lab (Azure#245)
Browse files Browse the repository at this point in the history
* Updated Linkerd Lab.

* Added 2.11
* Added Debugging
* Added Service Profiles
* Updated docs to include policy

* Update dashboard image.

* Add resources.
  • Loading branch information
JasonMorgan authored Oct 8, 2021
1 parent 6734638 commit 9ad5a0a
Show file tree
Hide file tree
Showing 4 changed files with 181 additions and 28 deletions.
151 changes: 123 additions & 28 deletions labs/servicemesh/linkerd/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

Linkerd is a service sidecar designed to give service owners automatic observability, reliability, and runtime diagnostics for their service without requiring configuration or code changes. Linkerd is also a service mesh, running across an entire cluster to provide platform-wide telemetry, security, and reliability.

Linkerd is a Cloud Native Computing Foundation (CNCF) project.
Linkerd is a graduated Cloud Native Computing Foundation (CNCF) project.

**This lab will focus on the v2 release of Linkerd**

Expand Down Expand Up @@ -39,7 +39,7 @@ Linkerd is a Cloud Native Computing Foundation (CNCF) project.
# verify CLI (ignore that the server version is unavailable)
linkerd version
Client version: stable-2.8.1
Client version: stable-2.11.0
Server version: unavailable
```

Expand All @@ -48,20 +48,7 @@ Linkerd is a Cloud Native Computing Foundation (CNCF) project.
```bash
linkerd check --pre
kubernetes-api: can initialize the client..................................[ok]
kubernetes-api: can query the Kubernetes API...............................[ok]
kubernetes-api: is running the minimum Kubernetes API version..............[ok]
kubernetes-setup: control plane namespace does not already exist...........[ok]
kubernetes-setup: can create Namespaces....................................[ok]
kubernetes-setup: can create ClusterRoles..................................[ok]
kubernetes-setup: can create ClusterRoleBindings...........................[ok]
kubernetes-setup: can create ServiceAccounts...............................[ok]
kubernetes-setup: can create Services......................................[ok]
kubernetes-setup: can create Deployments...................................[ok]
kubernetes-setup: can create ConfigMaps....................................[ok]
kubernetes-setup: can create CustomResourceDefinitions.....................[ok]
linkerd-version: can determine the latest version..........................[ok]
linkerd-version: cli is up-to-date.........................................[ok]
...
Status check results are [ok]
```
Expand All @@ -75,25 +62,22 @@ Linkerd is a Cloud Native Computing Foundation (CNCF) project.
5. Validate

```bash
kubectl -n linkerd get deploy
linkerd check
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
linkerd-controller 1 1 1 1 30m
linkerd-grafana 1 1 1 1 30m
linkerd-prometheus 1 1 1 1 30m
linkerd-web 1 1 1 1 30m
...
Status check results are [ok]
```

6. Open the Dashboard

```bash
linkerd dashboard
linkerd viz dashboard
```

Browse the dashboard:

![Dashboard](linkerd-dashboard.png "Dashboard")


7. Use `helm template` to create manifest for injection

Expand Down Expand Up @@ -143,15 +127,126 @@ Linkerd is a Cloud Native Computing Foundation (CNCF) project.
10. Try some other Linkerd features
* Automating injection. https://linkerd.io/2/tasks/automating-injection
* Setup mTLS encryption. https://linkerd.io/2/features/automatic-mtls
* Routing and Service Profiles. https://linkerd.io/2/features/service-profiles
* [Automating injection.](https://linkerd.io/2/tasks/automating-injection)
* [Setup mTLS encryption.](https://linkerd.io/2/features/automatic-mtls)
* [Routing and Service Profiles.](https://linkerd.io/2/features/service-profiles)
* [Server policy.](https://linkerd.io/2.11/features/server-policy/)
## Troubleshooting / Debugging
### Finding the bad path with Emojivoto
In this section you'll have to work out the solution on your own. Some steps have been provided but ultimately you'll need to use Linkerd to determine what's going wrong with your application.

1. Install emojivoto

```bash
curl -sL https://run.linkerd.io/emojivoto.yml | linkerd inject - | kubectl apply -f -
```

2. Launch the Linkerd dashboard

```bash
linkerd viz dashboard
```

Browse the dashboard:

![Dashboard](linkerd-dashboard.png "Dashboard")

3. Figure out what's breaking emojivoto!
* Sort namespaces by success rate
* Go into the emojivoto namespace
* Look at the application graph
* Sort deployments by success rate
* Browse to a deployment and view the live api calls
* Can you see which component is the root of the issue?
* Can you see which specific path is failing?
Still having trouble? View the step by step cli commands [here](debug-emojivoto.sh).
### Mitigate an issue with retries
In this section we will diagnose and repair an issue with a sample application using Linkerd's service profile resource.

1. Install Booksapp

```bash
kubectl create ns booksapp
curl -sL https://run.linkerd.io/booksapp.yml | kubectl -n booksapp apply -f -
```

2. Access the app

You can do this a number of different ways, expose it via a load balancer, add a mapping for your ingress, or port-forward it via the cli. We will show how to get to it from the cli.

```bash
kubectl -n booksapp port-forward svc/webapp 7000
```

* Browse to localhost:7000
* try adding a new book a few times and see if you run into an issue

3. Make some service profiles

```bash
# Create our first service profile using a swagger file
curl -sL https://run.linkerd.io/booksapp/webapp.swagger | linkerd -n booksapp profile --open-api - webapp
# Inspect the resulting yaml
# Begin applying service profiles
curl -sL https://run.linkerd.io/booksapp/webapp.swagger | linkerd -n booksapp profile --open-api - webapp | kubectl -n booksapp apply -f -
curl -sL https://run.linkerd.io/booksapp/authors.swagger | linkerd -n booksapp profile --open-api - authors | kubectl -n booksapp apply -f -
curl -sL https://run.linkerd.io/booksapp/books.swagger | linkerd -n booksapp profile --open-api - books | kubectl -n booksapp apply -f -
# Check out the new service profile objects
kubectl get serviceprofile
```

4. Diagnose our app using serviceprofiles

We're going to use the linkerd cli to inspect our routes. Routes come from service profiles and allow us to instrument things like retries.
```bash
linkerd viz -n booksapp routes svc/webapp
linkerd viz -n booksapp routes deploy/webapp --to svc/books
linkerd viz -n booksapp routes deploy/books --to svc/authors
```
* Those commands will show you the current status on the booksapp routes
* Can you diagnose the issue by looking at the routes?
* Continue to the next section once you see the problem or get bored of looking
5. Fix it with retries
Now that we've diagnosed the issue we can repair it using serviceprofiles!

```bash
# Edit the service profile for the authors service
kubectl -n booksapp edit sp/authors.booksapp.svc.cluster.local
# in the editor go down to the route named HEAD /authors/{id}.json and add a new value after the name.
## Add the following to the yaml at the same indent as name:
## isRetryable: true
```

Now you should be able to watch booksapp begin succeeding on it's end to end calls. For more information along with a step by step video please see [this talk.](https://www.youtube.com/watch?v=YJ8zP-lqB5E)
## Docs / References
* [Linkerd on Github](https://github.com/linkerd/linkerd2)
* [Linkerd docs](https://linkerd.io/2.11/overview/)
* [Linkerd Slack community](slack.linkerd.io)
25 changes: 25 additions & 0 deletions labs/servicemesh/linkerd/debug-emojivoto.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
#!/bin/bash

# Checkout the emojivoto deployments

linkerd viz stat deployment -n emojivoto

# Get stats for the web service

linkerd viz top -n emojivoto deploy/web

# Get stats for the voting service

linkerd viz top -n emojivoto deploy/voting

# Tap the traffic from web to voting

linkerd viz tap deployment/web -n emojivoto --to deployment/voting --path / | less

# Narrow down the tap results to our problematic api call

linkerd viz tap deployment/web -n emojivoto --to deployment/voting --path /emojivoto.v1.VotingService/VoteDoughnut | less

# Output the tap calls as json data so you can share it with the app developer

linkerd viz tap deployment/web -n emojivoto --to deployment/voting --path /emojivoto.v1.VotingService/VoteDoughnut -o json | less
Binary file modified labs/servicemesh/linkerd/linkerd-dashboard.png
100644 → 100755
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
33 changes: 33 additions & 0 deletions labs/servicemesh/linkerd/service-profiles.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
#! /bin/bash

kubectl create ns booksapp

curl -sL https://run.linkerd.io/booksapp.yml | kubectl -n booksapp apply -f -

kubectl -n booksapp port-forward svc/webapp 7000

kubectl get deploy -n booksapp -o yaml | linkerd inject - | kubectl apply -f -

curl -sL https://run.linkerd.io/booksapp/webapp.swagger | linkerd -n booksapp profile --open-api - webapp

curl -sL https://run.linkerd.io/booksapp/webapp.swagger | linkerd -n booksapp profile --open-api - webapp | kubectl -n booksapp apply -f -

curl -sL https://run.linkerd.io/booksapp/authors.swagger | linkerd -n booksapp profile --open-api - authors | kubectl -n booksapp apply -f -

curl -sL https://run.linkerd.io/booksapp/books.swagger | linkerd -n booksapp profile --open-api - books | kubectl -n booksapp apply -f -

linkerd viz -n booksapp routes svc/webapp

linkerd viz -n booksapp routes deploy/webapp --to svc/books

linkerd viz -n booksapp routes deploy/books --to svc/authors

kubectl -n booksapp edit sp/authors.booksapp.svc.cluster.local

linkerd viz -n booksapp routes deploy/books --to svc/authors -o wide

linkerd viz -n booksapp routes deploy/webapp --to svc/books

kubectl -n booksapp edit sp/books.booksapp.svc.cluster.local

linkerd viz -n booksapp routes deploy/webapp --to svc/books -o wide

0 comments on commit 9ad5a0a

Please sign in to comment.